Security Alert

Phishing Alert – Nov. 13

Wednesday, Nov. 13, many UA employees received phishing emails from a compromised UA account. Emails had various subject lines including “need to earn some extra money”, “Job Notice”, “Announcement”, and “Offer”.

This email derived from a compromised UA account. Please remember that The University of Alabama does not send out these types of messages. If you haven’t already, please delete the email.

If you did receive the email, and you did click on the link in the email to provide your username, password or other sensitive data, please please promptly change your myBama password. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Phishing Attempt – Nov. 12

Tuesday, Nov. 12, 2019, many UA students received a phishing email with the subject “University of Alabama ( Crimson)Work-Study Employment” This email is a scam attempt.

Remember to notice the red flags of phishing emails. Look at the from email address of the email, and hover over links before you click to see the web address.

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

DUO Phone Call Issues

DUO is currently experiencing issues with the phone call authentication method – see https://status.duo.com/ for details. 

Until this issue is resolved, please remember other authentication methods are available.  

  1. Push notifications via DUO mobile app. – If you have the DUO mobile app installed, select to receive push notifications.
  2. Passcodes via DUO mobile app – If you have the DUO mobile app installed, you can receive a single passcode by tapping the University of Alabama logo in the mobile app. This code must be used immediately.
  3. Passcodes via SMS – Users can receive a batch of one-time use codes via text message. You can request these by logging into your myBama as you typically would. Once you received the DUO prompt, you can click Enter Passcode, then click on the blue button “Text me new codes.”  These codes do not expire, and they are valid until used.
  4. Online-Generated Temporary Passcodes – If you do not have your device with you, you can obtain temporary passcodes. Each of the passcodes can only be used once, and will expire after 72 hours. Visit our self-service page to generate these passcodes.

If you have any questions or concerns, please contact our IT Service Desk at 205-348-5555, itsd@ua.edu.

Phishing Alert – Nov. 4

Monday, Nov. 4, 2019, many UA students received a phishing email with the subject “WORK-STUDY EMPLOYMENT OPPORTUNITY” This email is a scam attempt.

Remember to notice the red flags of phishing emails. Look at the from email address of the email, and hover over links before you click to see the web address.

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Phishing Alert – Nov. 4

Monday, Nov. 4, 2019, many UA students received a phishing email with the subject “Student Job Opportunity” This email is a scam attempt.

Remember to notice the red flags of phishing emails. Look at the from email address of the email, and hover over links before you click to see the web address.

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Phishing Alert – Nov. 2

Saturday, Nov. 2, 2019, many UA employees received a phishing email with the subject “UPS:  attempted delivery” This email is an attempt to steal usernames and passwords.

Close to the holiday season we see many phishing emails that pose as USPS, UPS and FedEx. Remember to notice the red flags of phishing emails. Look at the from email address of the email, and hover over links before you click to see the web address.

If you did receive an email like this, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

MacOS Catalina Incompatibilities

OIT has discovered several enterprise-wide incompatibilities with the MacOS Catalina. One of these instances is that 32-bit applications cannot run on Catalina. This includes Endnote, McAfee, OIT’s remote support tool, and several other applications. OIT encourages Mac users to not upgrade to Catalina at this time. If you have any questions, please contact the IT Service Desk at 205-348-5555.

Oct. 8, 2019 Phishing Alert

Tuesday, Oct. 8, over 1,000 faculty and staff received a phishing email posing as the “Microsoft Outlook Web App Team” Remember the red flags of phishing. For this email, the “from” email address lets us know it is a phishing email. A screenshot of the message is below. If you ever receive a message that you think may be a scam, you can forward it to security@ua.edu.

unusual sign-in activity email

Windows Jabber Vulnerability

A vulnerability has been published for Cisco Jabber Windows software versions prior to 12.6(2). Windows users need to update to the latest version of Jabber, available on the Tech Tab of myBama. By downloading the latest version, Jabber will update to the latest release. OIT Security recommends that all Windows users update Jabber as soon as possible to secure against the vulnerability.

More information about this vulnerability is available on Cisco’s website. Please note that Mac, Apple iOS and Android versions are not affected by this vulnerability.